Java Trust Store

Owned by Metin Savignano
Last updated: 12 Jul, 2023
1 min read

Please note that we've decided to move our support portal to help.savignano.net to to further improve the services for our customers.

The updated version of this page can be found at https://help.savignano.net/snotify-email-encryption/java-trust-store


This page explains how to add certificates to the Java trust store. 

Purpose

You may have to work with certificates that are not in the default trust store. For example, companies often use their own private certificate authority (CA) issuing root certificates that are not included in the default installations.

In that case, these certificates need to be added to the Java trust store of the Jira or Confluence instance.

How to

Certificates can be added to the Java trust store using the keytool utility that comes with Java.

For example, to add a certificate named myRootCert.pem, use 

$JAVA_HOME/bin/keytool -importcert -trustcacerts -cacerts -file myRootCert.pem -alias myRootCert

Notes:

  • The password requested to update the Java truststore is changeit by default.

  • Before Java 9, there was no -cacerts option. Instead you must provide the location of the cacerts keystore using the -keystore option. The cacerts keystore should be located either at $JAVA_HOME/jre/lib/security/cacerts or $JAVA_HOME/lib/security/cacerts.

  • If you need to run the import unattended, append -storepass changeit -noprompt to the above command.

After having added the certificate to the truststore, restart Jira or Confluence.

Beware!


If the keytool command displays  

Certificate was added to keystore

this may not be true. Look out for any error messages like

keytool error: java.io.FileNotFoundException: [...] (Permission denied)

The S/Notify Email Encryption apps are brought to you by savignano software solutions, a small yet savvy IT solutions company in Germany. Click here for legal information.